Re: https://urlquery.net/report/4040f81a-ffb6-4762-a666-578f8ecf66db
Rep Warning from Shadowserver -

Warning on WordPress security scan for that particular CMS alerted:
Warning User Enumeration is possible

The first two user ID’s were tested to determine if user enumeration is possible.

ID User Login
1 scsadmin scsadmin
2 Johnboy Baker jpbaker-dev
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Code: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3Ll58fSNbbnxsc3V9dnt5W25nLl5dbQ%3D%3D~enc

96 security errors detected here: https://webhint.io/scanner/a4526d89-6696-4217-a446-5cd6df5f842b
1 vuln. jQuery library flagged here: https://retire.insecurity.today/#!/scan/a555732066805aa85668fc2355efcf589718a20c420f9d42e26f1331c5be2aeb
equals that described here → https://snyk.io/vuln/npm:jquery → https://snyk.io/vuln/npm:jquery:20150627 (Cross Site Scripting)
jQuery@1.12.4’ has 1 known vulnerability (1 medium). Check on that vuln. from the unminified code → discussed here: https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc (info credits go to dmethvin).

error in code

[script] -www.cardinalsurveying.com/wp-includes/js/wp-embed.min.js?ver=4.9.8
info: [decodingLevel=0] found JavaScript
error: undefined function b.attachEvent
error: undefined variable b
info: [element] URL=-www.cardinalsurveying.com/undefined
info: [1] no JavaScript
file: a94410e63195718f8d8b21b268155494be5147e1: 43175 bytes
file: 9bbba02326099b6cf3cb93bde03e7055c34e8325: 75 bytes
&
[script] -www.cardinalsurveying.com/wp-includes/js/wp-embed.min.js?ver=4.9.8
info: [decodingLevel=0] found JavaScript
error: undefined function b.attachEvent
error: undefined variable b
suspicious: maxruntime exceeded 10 seconds (incomplete) 0 bytes
&
-www.cardinalsurveying.com/wp-content/themes/Divi/js/custom.js?ver=3.14 benign

• (script) -www.cardinalsurveying.com/wp-content/themes/Divi/js/custom.js?ver=3.14
  status: (referer=-www.cardinalsurveying.com/)saved 57995 bytes 4357d4bd5e6dd7fe2d0551c9a5b182ef025df1dd
  info: [decodingLevel=0] found JavaScript
  error: undefined variable jQuery
  error: undefined function $
  file: 4357d4bd5e6dd7fe2d0551c9a5b182ef025df1dd: 57995 bytes

Reports on shared IP: https://feodotracker.abuse.ch/host/66.228.55.240/ & https://www.virustotal.com/pl/url/28bac3eee4b4d8a01d1edec97fe1b84c7aa9fe10e6feb60b2f5789a84c85bef4/analysis/1526480308/
and latest: https://www.virustotal.com/pl/url/28bac3eee4b4d8a01d1edec97fe1b84c7aa9fe10e6feb60b2f5789a84c85bef4/analysis/
& https://map.httpcs.com/alert/429210 &

polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)

Latest generic malware launched from above mentioned IP - https://feodotracker.abuse.ch/host/66.228.55.240/
listed here: Win32:Malware-gen as avast detects.

pol